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Cd ■ Abstract 

In this paper we present FASE (Fast Asynchronous Systems Evaluation), a tool for evaluating 
^ I worst-case efficiency of asynchronous systems. This tool implements some well-established results in 

the setting of a timed CCS -like process algebra: PAFAS (a Process Algebra for Faster Asynchronous 
Q , Systems). Moreover, we discuss some new solutions that are useful to improve the applicability 

I of FASE to concrete meaningful examples. We finally use FASE to evaluate the efficiency of three 

c/2 ' different implementations of a bounded buffer and compare our results with previous ones obtained 

^ when the same implementations have been contrasted according to an efficiency preorder. 

o ■ 1 Introduction 

^ ' In concurrent and distributed systems, study time aspects at an early stage of software development plays 
■ an important role to ensure the correct temporal execution of system activities. In recent years, PAFAS 
O ■ has been proposed as a powerful tool for evaluating the worst-case efficiency of asynchronous systems 
(SI [5J. PAFAS is a CCSL9J-like timed process algebra where system activities are represented by du- 
rationless actions and time passes in between them [2J. Thus, actions are atomic and instantaneous but 
• ^ have associated a time bound interpreted as the maximal time delay for their execution. This timing infor- 
^ mation can be used to evaluate efficiency without influence functionality (which actions are performed). 
c3 So, compared to CCS, also PAFAS treats the full functionality of asynchronous systems. In [6], process 
are compared via a variant of the testing approach developed in [7J by considering test environments 
(as in [7]) together with a time bound. A process is embedded into the environment (via parallel com- 
position) and satisfies a test if success is reached before the time bound in every run of the composed 
system, i.e. even in the worst case. This gives rise to a faster-than preorder relation over processes that is 
naturally an efficiency preorder. Furthermore, this preorder can be characterised as inclusion of a special 
kind of refusal traces which provide decidability of the testing preorder for finite state processes. The 
faster-than preorder has been equivalently defined in [5] on the basis of a performance function that gives 
the worst-case time needed to satisfy any test environment (or user behaviour). Another key result in []5] 
shows that, whenever the above testing scenario is adapted by considering only test environments that 
want n task to be performed as fast as possible, the performance function is asymptotically linear. This 
function is a quantitative performance measure that describes how fast a system responds to requests 
from the environment. This paper presents FASE, a corresponding tool that supports us to automatically 
evaluate the worst-case performance of a PAFAS process. FASE has been successfully used in [3] to relate 
three different implementations of bounded buffer: Fife (first-in-first-out queue). Pipe (sequence of cells 
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connected end-to-end) and Buff (an array used in a circular fashion). The results obtained in [j3l were 
also compared with those in [4] where the same implementations have been contrasted via the efficiency 
preorder in []6l. 

2 PAFAS 

We adopt the following notation: A (ranged over by a, 6, c, ... ) is an infinite set of basic actions with the 
special action cu reserved for observes (test processes) in the testing scenario to signal the success of a 
test. Action r represents an internal activity unobservable for other components; we define = A U {r} 
where elements are ranged over by a, /3, ■ ■ ■ . We assume that actions in A,- can let time 1 pass as maximal 
delay before their execution; after that time they become urgent. The set of urgent actions is denoted by 
A^ = {a I a G A} U {r} and is ranged over by a, /3, ... . X (ranged over hy x,y, z, . . .) is the set of 
process variables, used for recursive definitions. A general relabelling function $ : A^ — )■ A,- is such 
that {a G At- I 7^ $^^(a) 7^ {«}} is finite and $(r) = r. General relabelling functions subsume both 
relabelling and hiding (see dH). 

The set P of (timed) processes is the set of closed (i.e., without free variables) and guarded (i.e., 
variable a; in a recursive term iix.P only appears within the scope of a action-prefix) terms generated by 
the following grammar: P ::= | 7.P | P + P | P|U-P | PW\ \ ^ \ /U2;-P, where 7 is either a 
or a for some a G A^, $ is a general relabelling function, x G X as expected and A C A possibly infinite. 
is the Nil-process which cannot perform any action but may let time pass without limit. a.P and a.P 
is the (action-) prefixing, known from CCS; a.P can either perform a immediately or can idle for time 1 
and become a.P. In the latter case, the idle-time has elapsed and a must either occur or be deactivated (in 
a choice-context) before time may pass further. Our processes are patient: as a stand-alone process, a.P 
has no reason to wait; but as a component in a.P\\{a}0'-Q, it has to wait for synchronisation on a and this 
can take up to time 1, since component a.Q may idle this long. Pi + P2 models the choice between two 
processes Pi and P2. Pi 11^-^2 is the parallel composition of two processes Pi and P2 that run in parallel 
and have to synchronise on A [[8l|. 

The temporal behaviour is given by means of the so-called refusal traces. Intuitively, a refusal trace 
records, along a computation, which actions P can perform (P P', ol G At-) and which actions P 

can refuse to perform (P P', X C A)Q A transition P P' is a conditional time step. Actions 
in X are not urgent and, hence, P is justified in not performing them and performing a time step instead. 
Since other actions might be urgent, P might actually be unable to refuse any possible action (e.g. a.P 
can never refuse a). Nevertheless, as a components of a larger system, it can refuse some of its urgent 
actions due to synchronisation with the environment. As an example: as a component of a.P||{a}a.(5, 
a.P can refuse a since its synchronisation partner Q can do so. We say that P perform a/w// time step 
1 A 

(written P P') if P — >r P' ■ A discrete trace is any sequence in w G (A^ U {!})* that P can perform. 
Finally, DL(P) and RT(P) are the sets of discrete traces and refusal traces (resp.) of P. 

The efficiency preorder in [j6l is timed variation of the testing preorder in [|7]. In [|6l, (timed) tests are 
pairs (O, D) where O is a test environment (or user behaviour, i.e. a process that contains uj) and D G No 
is an upper time bound. A process P satisfies a timed test (O, D) if each discrete trace v G DL(P || a\w O) 
whose duration (i.e. its number of I's) is greater than D contains some uj. We say that P is faster than 
Q (written P □ Q) if P (i-satisfies all tests that Q rf-satisfies. Moreover, □ can be characterised by 
inclusion of refusal traces. This efficiency preorder is qualitative in the sense that a test is either satisfied 
or not, and that a process is more efficient than another or not. However, as shown in [[51, it can be 

^ We omit here the (almost standard) SOS-rules defining the transition relations ^ and (see Q for further details). 
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rephrased in terms of a (quantitative) performance function p{P, O) that gives the worst-case time that P 
needs to satisfy the test O. In more details, P □ Q iff p{P, O) < p{Q, O) for all test process O. Yet, the 
performance function (as the preorder □) contrasts processes w.r.t. any possible test environments. In 
some cases this might be too demanding and one can make some reasonable assumption about the user 
behaviours. In particular, one could be interested in users that have a number of requests (made via an 
m-action) that they want to be answered (via an owt-action) as fast as possible. This is the class of users 
W = {Un I ^ > 1} where Ui = in.out.u and f/„ = f/„_i ||{^} in.out.u (for any n > 1). Given these 
users, the response performance is defined to be the function : N — )■ No such that rpp{n) = p(P, Un) 
( n is the number of requests of the user). 

Below we briefly describe how this response performance function is calculated in [SJ. To this aim we 
only consider the so-called response processes, i.e. processes that can reasonably serves users in iJ^. Now, 
we first observe that, for any given n, rpp{n) is obtained as the supremum of durations of all discrete 
traces in DL(P || Uu) that do not contain u. Traces in DL(P || Uu) are just paths in RTS(P || Uu) that 
only contain full time steps. Moreover, for each of such paths there is a corresponding path in rRTS(P)| 



with the same number of conditional time steps. Thus, to calculate rpp{n) it will suffice to consider 
path in rRTS(P). A first result in [5 | states that the response performance of a response process P is the 
supremum of the number of time steps taken over all paths in rRTS(P) with enough m's and out's to 
satisfy the user f/„ (so called n-critical paths). A this stage, a key observation is that, when the number 
n of requests is large compared to the number of processes in rRTS(P), a n-critical path with many 
time steps must contain cycles. Thus, it turns out to be essential to find the worst cycles. In [5J these 
worst-cycles are distinguished to be either catastrophic or bad cycles. A cycle in rRTS(P) is said to be 
catastrophic if it has a positive number of time steps but no iris and no ouVs. More intuitively, if rRTS(P) 
contains a catastrophic cycle, there is at least a path in rRTS(P) with arbitrarily many time steps and, 
hence, there is at least an n such that rpp{n) = oo. If P is free from such cycles, rpp{n) = an + 6(1) 
is asymptotically linear (see Theorem 16 in [5]). The asymptotic factor a of rpp{n) is determined by 
considering cycles reached from P by a path where all time steps are full and which themselves contain 
only time steps that are full; let the average performance of such a cycle be the number of its full time 
steps divided by the number of its m's. We call a cycle bad if it is a cycle of maximal average performance 
in rRTS(P). Finally, the asymptotic factor of P is the average performance of a bad cycle. 



FASE is a useful tool developed at University of Camerino to automatically evaluate the worst-case effi- 
ciency of asynchronous systems. It is written in Java and consists of two main components. The former 
one is the parser unit that reads a string representing a PAFAS process P and builds its RTS(P). The 
second component is the performance unit the uses the RTS(P) to implements all the technical stuffs 
discussed in the previous section. Moreover, it also provides some diagnostic informations that help the 
user to better understand to behaviour of the process. 

The tool automatically checks if a process has some catastrophic cycles or not. The original solution 
proposed in [5 | makes use an algorithm whose a complexity is 9(N^) {N are the nodes of the graph 
rRTS(P) of a process P). If P is a complex process, the state space of rRTS(P) can be very large and 
the original solution becomes slow. FASE (see [3J) adopts a new solution that takes advantage from the 
correspondence between cycles and strongly connected components [1]. This improved solution has a 

^In Q a response process is a process that only perform m's and out's as visible actions and never produce more responses 
than requests. 

^This is a reduced version of RTS(P). See Q for more details. 
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complexity of 0{N + E) where N and E are the nodes and the edges in rRTS(P). We refer to [3J for a 
running time comparison between the two algorithms. 

If P does not have catastrophic cycles, FASE looks for bad cycles in order to determine its average 
performance. In doing that, FASE adopts the original solution [5] with some improvements that provide 
the user with information about the bad cycle just computed. Since bad cycles are computed in 0{N'^), 
we are currently investigating new strategies to limit in some way this complexity. 

We are also working on a solution to determine the response performance of P for a given n. Dif- 
ferent approaches are under investigation but they still need to be validated. Currently, FASE executes an 
exhaustive search on rRTS(P) that looks for the n-critical path whose duration is maximal; clearly as n 
increases this solution becomes soon intractable, especially for complex processes. 

4 A Case Study and concluding remarks 

In [|3]|, FASE has been used to evaluate the worst-case efficiency of three different implementations of a 
bounded buffer of capacity + 2 whit G N+. These implementations have already been considered 
in [j41. We were interested in studying if the results steted in [4J still hold in our qualitative setting. Fife 
is a bounded-length first-in-first-out queue, purely sequential and without overhead (in terms of internal 
actions). Pipe implements the buffer as the concatenation of + 2 cells, where each one is an I/O device 
that stores at most one value. Cells are connected end-to-end that is the output of a cell is the input of the 
next one. Finally, BufF uses N cells as a storage Mem that interacts with a centralised buffer controller 
BC; BC manages Mem in a circular fashion and also retains the oldest undelivered value and outputs it 
whenever possible. In [3] we have obtained interesting results relating the three buffers. We have used 
FASE to prove that none of these implementations has catastrophic cycles. Moreover, we have also shown 
that '^Ppjfo('^) = 2n, '"Ppjpe = 2n + N + \ and '^Pg^ff^'^) ~ Thus, Fife is more efficient than 
both Pipe and Buff, while Buff is more efficient than Pipe iff n < [A^ + 1/2J . These results are quite 
different from those in [4] where the buffers have been compared by means of the efficiency preorder 
in [|6|. The authors proved that Fife and Pipe (but also BufF and Pipe) are unrelated (i.e. the former 
process is not more efficient than the latter and vice versa) while Fifo is more efficient than Buff but not 
vice versa. Intuitively, this is due to the fact that rp contrasts processes w.r.t. to a specific class of user 
behaviours while the preorder □ contrasts process w.r.t. any possible test. To prove if our intuition is 
correct, we are working on the definition (and characterisation) of a slight variation of the faster-than 
preorder given in [6 1 that allows us to contrast processes only w.r.t. user behaviours by some variant of 
refusal trace inclusion. Moreover, it still remains to investigate in which extent the approach described 
in []5l to other possible scenarios and to a different (maybe larger) class of tests. For what concerns 
FASE, a first important result achieved in [|3l is the improvement of the catastrophic cycles detection since 
ensuring their absence is the basis for any further performance analysis. For bad cycles, we are obtaining 
encouraging results but they are still under validation. Moreover, it's still open the problem of finding the 
n-critical path for a given n\ we believe that further studies on the characteristics of an n-critical path can 
help us to find a useful solution. 
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